| Age | Commit message (Collapse) | Author |
|
|
|
- Add freebsd host (192.168.2.202) as roaming client connecting to both gateways
- Add gateway: false option to connect to mesh without routing internet through VPN
- Add /24 subnet mask for FreeBSD IPv4 addresses (required by wg-quick)
- Skip hosts without ssh section during rake install
- Update exclude_peers for f0, f1, f2, r0, r1, r2, earth, pixel7pro
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
|
Enable IPv6 support across all 10 mesh network hosts using ULA addressing
(fd42:beef:cafe:2::/64). Modified generator to output dual-stack configurations:
- Updated address() method to generate multiple Address directives for IPv6
- Modified peers() AllowedIPs to include both IPv4/32 and IPv6/128 addresses
- Maintained backward compatibility for hosts without ipv6 field in YAML
- Roaming clients still route all traffic (0.0.0.0/0, ::/0) through VPN
All hosts now have IPv6 addresses assigned in YAML configuration.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Core changes to wireguardmeshgenerator.rb:
- Add roaming client detection (hosts without 'lan' or 'internet' sections)
- Enable PersistentKeepalive for all roaming client peer connections
- Route all traffic (0.0.0.0/0, ::/0) through VPN for roaming clients
- Add DNS configuration (1.1.1.1, 8.8.8.8) for roaming clients
- Handle CIDR notation in AllowedIPs without adding /32
- Support configurable SSH port per host (default 22, OpenBSD hosts use 2)
YAML configuration changes:
- Add earth roaming client (192.168.2.200, Fedora laptop)
- Add pixel7pro roaming client (192.168.2.201, Android phone)
- Configure client-only architecture via exclude_peers
- Roaming clients connect only to blowfish and fishfinger gateways
- LAN hosts (f0-f2, r0-r2) exclude roaming clients from peering
- Add SSH port 2 for OpenBSD hosts (blowfish, fishfinger)
Dependency updates:
- Add 'rake' gem to Gemfile for task management
- Add 'logger' gem to suppress Ruby 4.0 deprecation warnings
Implementation notes:
- Roaming clients have no fixed 'lan' or 'internet' section
- All-traffic routing enables internet access through VPN gateways
- NAT rules on OpenBSD gateways required for internet access
- WireGuard does not support automatic failover between peers
- Manual reconnection required if active gateway fails
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>